Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/remove-iam-policy-binding below:

gcloud iam service-accounts remove-iam-policy-binding | Google Cloud SDK Documentation

Stay organized with collections Save and categorize content based on your preferences.

NAME

gcloud iam service-accounts remove-iam-policy-binding - remove IAM policy binding from a service account

SYNOPSIS

gcloud iam service-accounts remove-iam-policy-binding SERVICE_ACCOUNT --member=PRINCIPAL --role=ROLE [--all     | --condition=[KEY=VALUE,…]     | --condition-from-file=PATH_TO_FILE] [GCLOUD_WIDE_FLAG …]

DESCRIPTION

Remove an IAM policy binding from the IAM policy of a service account. A binding consists of at least one member, a role, and an optional condition.

When managing IAM roles, you can treat a service account either as a resource or as an identity. This command is to remove a policy binding from a service account resource. There are other gcloud commands to manage IAM policies for other types of resources. For example, to manage IAM policies on a project, use the $ gcloud projects commands.

If the service account does not exist, this command returns a PERMISSION_DENIED error.

EXAMPLES

To remove an IAM policy binding for the role of 'roles/editor' for the user 'test-user@gmail.com' on a service account with identifier 'my-iam-account@my-project.iam.gserviceaccount.com', run:

gcloud iam service-accounts remove-iam-policy-binding my-iam-account@my-project.iam.gserviceaccount.com --member='user:test-user@gmail.com' --role='roles/editor'

To remove an IAM policy binding for the role of 'roles/editor' from all authenticated users on service account 'my-iam-account@my-project.iam.gserviceaccount.com', run:

gcloud iam service-accounts remove-iam-policy-binding my-iam-account@my-project.iam.gserviceaccount.com --member='allAuthenticatedUsers' --role='roles/editor'

To remove an IAM policy binding which expires at the end of the year 2018 for the role of 'roles/iam.serviceAccountAdmin' and the user 'test-user@gmail.com' on a service account with identifier 'my-iam-account@my-project.iam.gserviceaccount.com', run:

gcloud iam service-accounts remove-iam-policy-binding my-iam-account@my-project.iam.gserviceaccount.com --member='user:test-user@gmail.com' --role='roles/iam.serviceAccountAdmin' --condition='expression=request.time <
 timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\
tion=Expires at midnight on 2018-12-31'

See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.

POSITIONAL ARGUMENTS

ServiceAccount resource - The service account to remove the IAM policy binding from. Note that the user, group or service account in the --member flag is having its access revoked. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

• provide the argument service_account on the command line with a fully specified name;
• provide the argument --project on the command line;
• set the property core/project.

This must be specified.

SERVICE_ACCOUNT

ID of the serviceAccount or fully qualified identifier for the serviceAccount.

To set the service_account attribute:

• provide the argument service_account on the command line.

REQUIRED FLAGS

--member=PRINCIPAL

The principal to remove the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.

Deleted principals have an additional deleted: prefix and a ?uid=UID suffix, where UID is a unique identifier for the principal. Example: deleted:user:test-user@gmail.com?uid=123456789012345678901.

Some resources also accept the following special values:

• allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.
• allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

--role=ROLE

The role to remove the principal from.

OPTIONAL FLAGS

At most one of these can be specified:

--all

Remove all bindings with this role and principal, irrespective of any conditions.

--condition=[KEY=VALUE,…]

The condition of the binding that you want to remove. When the condition is explicitly specified as None (--condition=None), a binding without a condition is removed. Otherwise, only a binding with a condition that exactly matches the specified condition (including the optional description) is removed. For more on conditions, refer to the conditions overview guide: https://cloud.google.com/iam/docs/conditions-overview

When using the --condition flag, include the following key-value pairs:

expression

(Required) Condition expression that evaluates to True or False. This uses a subset of Common Expression Language syntax.

If the condition expression includes a comma, use a different delimiter to separate the key-value pairs. Specify the delimiter before listing the key-value pairs. For example, to specify a colon (:) as the delimiter, do the following: --condition=^:^title=TITLE:expression=EXPRESSION. For more information, see https://cloud.google.com/sdk/gcloud/reference/topic/escaping.

title

(Required) A short string describing the purpose of the expression.

description

(Optional) Additional description for the expression.

--condition-from-file=PATH_TO_FILE

Path to a local JSON or YAML file that defines the condition. To see available fields, see the help for --condition. Use a full or relative path to a local file containing the value of condition.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE

This command uses the iam/v1 API. The full documentation for this API can be found at: https://cloud.google.com/iam/

NOTES

These variants are also available:

gcloud alpha iam service-accounts remove-iam-policy-binding

gcloud beta iam service-accounts remove-iam-policy-binding

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-07 UTC.

[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-07 UTC."],[],[]]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4